This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

White and Black box testing of Lotus Domino Applications

Jump to: navigation, search


Registration | Hotel | Walter E. Washington Convention Center

The presentation

Casey Ari.JPG
IBM’s Lotus Domino is a unique server platform which requires a unique procedure for both black and white box testing. Many standard attacks such as SQL injection are simply not possible with Domino, although at the same time many other, often more dangerous attacks are possible. A perusal of the commonly used tools reveals that there is very limited coverage of the attacks which are unique to Domino, and very little literature seems to exist. This paper seems to present the background information on how Domino works, as well as the framework for Domino specific black and whitebox testing.

The speakers

Ari Elias-Bachrach

Ari is a CISSP and CEH. He has a BS in computer science from Washington University in St. Louis, and a MS in computer science with a focus on information security from The George Washington University. Previously he worked for the federal government, followed by a stint in the private sector as a consultant performing external penetration testing and web application reviews. Now he works as an in-house information security engineer focusing on web applications.

Casey Pike

Casey is a IBM Certified Advanced System Administrator and an MSCA+. He has a BS in information sciences from the University of Maryland, College Park. After consulting for the federal government and private firms designing and building Lotus Domino environments, he works as an in-house systems engineer for a cooperative financial institution.